High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
The Librarian of Congress recently decided in their triennial DMCA exemption rule-making process to remove the existing exemption that allowed individuals to unlock their own mobile phones to use on the compatible network of their choice. As a result of this decision, individuals no longer have clear immunity to unlock new phones - thereby putting them in potential legal jeopardy.
In the face of efforts to reform the Computer Fraud and Abuse Act (CFAA), some buinesses have told lawmakers that the CFAA should be used to punish breach of contract where the breacher acted "for purposes of commercial advantage or private financial gain". Such a proposal does not fix the ability of prosecutors to go after people for disregarding terms of service.
Worse, the idea is unprecedented, dangerous and unacceptable.
The Hacker Manifesto lauds the world of the electron and the switch, where the talented are treated equally and the values of curiosity and exploration reign supreme. Yet studying computers, network security, and programming flaws can be a crime or civil offense. Just two examples: In Sony v. Hotz (2011), a case that eventually settled, Sony claimed that researchers who studied the way their own game consoles worked violated the CFAA.
Law professor and cybercrime expert Orin Kerr published a proposal to amend the Computer Fraud and Abuse Act (CFAA) to address the overcriminalization that he has been at the forefront of identifying and combatting. His current proposal, which very simply but comprehensively addresses a number of problems with the CFAA, is here.
By focusing purely on whether the service operator implements technological access barriers, the proposal risks a similar problem to the one that the current statute has, giving server owners plenary authority to criminalize the way members of the public interact with information made available online, but through “technological access barriers” rather than merely terms of service and employee agreements.
Yesterday, Representative Zoe Lofgren introduced on Reddit a bill to improve the Computer Fraud and Abuse Act in the wake of Aaron Swartz's suicide during the pendency of his prosecution for violating various provisions of that law and of the Wire Fraud Act. I've attached
Slides from the BlackHat 2016 presentation by Jennifer Granick and Riana Pfefferkorn titled "When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement."
This post is the latest installment of our “Monday Reflections” feature, in which a different Just Security editor examines the big stories from the previous week or looks ahead to key developments on the horizon.
"“This sanctions law, which was written for one purpose,” said Jennifer Stisa Granick, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology project, “is being used to suppress speech with little consideration of the free expression values and the special risks of blocking speech, as opposed to blocking commerce or funds as the sanctions was designed to do. That’s really problematic.”"
"Jennifer Granick, a lawyer with the ACLU’s technology division, said that abuses of power will become unavoidable if companies continue to face pressure to moderate their content.
“It's not a surprise that Twitter employees have this capability,” Granick said. “The public and Congress have been demanding that the platform companies create the ability to ban people from the platform or delete particular messages.”"
"“There’s always been employees who have misused the keys,” said ACLU surveillance and cybersecurity counsel Jennifer Granick. She pointed to the tension among some who would prefer that tech platforms censor users' content, whether that’s policing Russian-planted accounts and ads or kicking Trump off Twitter for what they perceive as hate speech. “They’re under extreme pressure from Congress,” she said."
"“Congress has subpoena power, of course,” says Al Gidari, the director of privacy at Stanford Law School’s Center for Internet and Society, who previously represented several big tech companies in national security cases.
"Albert Gidari, Director of Privacy for the Center for Internet and Society at Stanford Law School, told us he agrees with the EFF’s argument:
Asking for metadata on everyone that visits a particular website implicates more than just the particularity required by the 4th Amendment. It implicates the 1st Amendment rights of anyone that visited the site.
Jennifer Granick, Director of Civil Liberties, will speaking at the ISSA-LA Summitt.
More information: https://issalasummit9.wpengine.com/?page_id=285/#Granick
Title: American Spies, Modern Surveillance, and You
Join Just Security for a fireside chat on the current state of U.S. surveillance and a celebration of Jennifer Granick‘s new book, American Spies: Modern Surveillance, Why You Should Care, And What to Do About It. Opening remarks by Senator Ron Wyden.
US intelligence agencies - the eponymous American spies - are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance. Written for a general audience by a surveillance law expert, this book educates readers about how the reality of modern surveillance differs from popular understanding.